Eighty-five percent. That’s the share of organizations that are “accidental” software pirates, meaning they use more software than they paid for, according to a recent International Data Corporation study. A similar study by IBM and Information Week revealed that 70 percent of organizations have undergone a software audit in the past 12 months — or expect one to occur. Of these organizations, almost one-third have been audited two or more times.

Three-Pronged Security and Software Asset Management

“Describing software asset management (SAM) as complex is an understatement,” said Michael Sarna of IBM. “You have pressures from the industry side — such as complex software licensing models and metrics — as well as challenges from the client side, like IT budget pressures and financial risk associated with unlicensed use.”

The following are three questions Sarna said he thinks organizations should be able to answer:

  1. What do we own?
  2. What are we using?
  3. What do we need?

How does SAM relate to keeping your data secure? According to Sarna, it’s common sense.

“As cybersecurity escalates, so does your software management responsibility,” he said. “Unpatched holes in your software present a perfect opening for costly and disruptive security breaches. But patching your software properly means you need to know where your software is deployed, in which versions, how it’s being used and by whom and whether or not patches have already been provisioned.”

IBM’s Danna Rother, who joined Sarna in the presentation, said she feels that although he is correct in his assessment of the complexities, organizations can gain great benefits from properly instituting a SAM strategy.

“The upside of a proper SAM strategy is centered around three primary areas,” Rother said. “Operational benefits, like information security and business continuity; risk mitigation, which can limit your exposure to unexpected costs as a result of a failed audit; and financial benefits like understanding what you’re currently using today.”

Michael Sarna and Danna Rother from IBM are joined by Rick Davenport and Barry Le Cornu from Allstate at IBM InterConnect.

Software in Good Hands

Rick Davenport and Barry Le Cornu of Allstate Insurance echoed sentiments from Sarna and Rother at IBM InterConnect.

“Allstate committed to putting a strong software asset management program in place in 2012,” Davenport said. “It’s helped us continually improve our ability to manage our software licenses, [reduce] our compliance risk and will eventually enable us to optimize our software spend. And now that we know what we’ve deployed and where, we’re better positioned to find any unpatched holes in our systems and keep our corporate data protected.”

If you want to learn more about how to improve your software audit posture and keep your data safe and secure, explore a software asset management solution for your office with IBM Unified Endpoint Management™.
